- Polyglot inputs:
<s>000'")};--//
- uniscan - useful for fingerprinting the web server. uniscan comes with Kali by default.
- nikto - useful for identifying known web vulnerabilities. nikto also comes with Kali by default. Start command:
nikto -h example.com
- subfinder - a passive tool that detects the subdomains of a domain by using several external sources. Some sources require an API key.
- nmap - tries to find the running services on the host. nmap comes with Kali by default.
- netcat - Swiss army knife for networking. netcat comes with Kali by default.
- Trity - tool for social engineering
- The Assetnote organization provides a list of wordlists.
- crunch - can automatically generate a wordlist
- In Kali you can change your MAC address
- weevely - generates the PHP reverse shell script for file inclusion vulnerabilities. Comes with Kali by default.
- hydra - a tool for brute-force attacks
- nishang - a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.